vulnerabilities

  1. cageymaru

    Password Manager Vulnerabilities Exposed

    A report from Independent Security Evaluators (ISE) showed that password manager security is acceptable in non-running states, but the password managers are vulnerable to memory attacks when in running states. Products from 1Password4, 1Password7, Dashlane, KeePass, and LastPass were tested in the report. For...
  2. cageymaru

    Cybersecurity Vulnerabilities in Weapon Systems Blemish the Department of Defense

    A study by the U.S. Government Accountability Office (GAO) has shown how vulnerable U.S. weapon systems under the control of the Department of Defense (DOD) have become. This is due to the weapon systems becoming more networked and software dependent, and the DOD is still in the early stages of...
  3. cageymaru

    Many Cellphones Offered by the Four Major US Carriers Have Built in Vulnerabilities

    Critical flaws are built into phones sold by the four major U.S. cellphone carriers according to research funded by the Department of Homeland Security (DHS). The flaws allow a hacker to gain access to data, emails, text messages, and "escalate privileges and take over the device" according to...
  4. O

    How do you test for Spectre/Meltdown vulnerability? In what CPU will it be fixed at hardware level?

    Two questions: How do you test or check for Spectre / Meltdown vulnerability? Do we know, yet, in what CPU these will be fixed at hardware level? So will 9th generation Intel CPUs be "immune" for example? I ask the second question because it seems like new "variants" of the above...
  5. DooKey

    Firmware Vulnerabilities Disclosed in Supermicro Server Products

    If you own or support Supermicro products you should be aware there are some vulnerabilities in the configuration of some motherboards. This vulnerability is only able to be exploited if the malicious software is already running on the system, but it does have the nasty ability to hide in the...
  6. DooKey

    US Government Probes Airplane Vulnerabilities

    The DHS and other government agencies are investigating the cybersecurity strength of the airline industry and commercial aircraft. As a matter of fact, a DHS team was able to successfully remotely hack a Boeing 737. Further, the government has determined that aircraft have little to no...
  7. R

    New Processor Vulnerability Discovered

    Microsoft and Google Project Zero researchers announced today a new category of processor vulnerability known as a speculative execution side channel vulnerability, or Speculative Store Bypass, that is closely related to the Spectre Variant 1 vulnerability. Microsoft has also released a security...
  8. R

    AMD Responds To CTS Labs Vulnerability Claims

    Last week we wrote about possible AMD security flaws that were announced by CTS Labs. Today, AMD has released their assessment of CTS Labs' claims in a community post. AMD makes it clear that the issues identified by CTS Labs have nothing to do with Meltdown and Spectre, but are associated with...
  9. R

    Google Exposes Security Flaw in Microsoft Edge

    Google's Project Zero has exposed a security flaw in Microsoft Edge according to a report from Neowin. Microsoft began using Arbitrary Code Guard in Edge with the Creators Update which forced the use of Just-in-Time (JIT) compilers to an isolated sandbox. The problem with this is the address for...
  10. DooKey

    Dell Becomes First Major PC Vendor to Offer Laptops with IME Disabled

    Dell is going to offer 3 high-end laptops with the Intel Management Engine disabled. This is in response to the recent revelations that the IME has vulnerabilities and CPUs from the 6th gen to the 8th gen all have this cooked in. If successful, I expect other major vendors to jump on board...
  11. DooKey

    Newly Revealed Flaw Could Subject IoT Devices to Airborne Attacks

    Billions of voice-activated Internet of Things devices may be subject to external attack due to BlueBorne vulnerabilities, Armis revealed last Wednesday. Hackers could exploit BlueBorne to mount an airborne attack, using Bluetooth to spread malware and access critical data, including sensitive...
  12. Schtask

    These are Not the Zero Days You are Looking For

    As chaos gripped the hallowed halls of various Security Operations Centers around the world, Microsoft stood like a defiant digital Gandalf. "You shall not pass!" they declared as they smashed the ground with the Staff of Patching, releasing a golden ring of light and sending their adversaries...